From an external threat perspective, network firewall technology has long been the first line of defense for detecting and preventing advanced threats. Network firewalls protect organizations from inbound threats, control outbound traffic, and are heavily relied upon by other systems, such as Security Information and Event Management (SIEM) technologies, as a critical source of security intelligence about your network as a whole.

However, when it comes to internal threat detection, organizations have struggled for years to detect even the most common threat scenarios (let alone prevent them), relying on log data from critical applications like Active Directory that is ill suited to answering difficult questions about what is actually happening within their environments. The net result is a rapidly increasing rate of data breach events that today can only be understood after an event has occurred, if at all.